
Chapter 1 We’ve Got Problems…






Presentation Transcript

  1. Chapter 1: We’ve Got Problems…

  2. Four Horsemen
     • … of the electronic apocalypse
     • Spam --- unsolicited bulk email
       • Over 70% of email traffic
     • Bugs --- software flaws
     • DoS --- denial of service
     • Malware --- malicious software
     • The “real war” is waged with malware

  3. Why Study Malware?
     • Deepest connections to the other three
       • Propagated using spam
       • Used to send spam
       • Takes advantage of bugs
       • Used to mount DoS attacks
     • Addressing malware is vital to improving computer security
     • Computer security is vital to protecting critical infrastructure

  4. Myth of Absolute Security
     • The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards. — Gene Spafford
     • People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems. — Bruce Schneier

  5. Risk Management
     • Risk others pose to you: 6 factors
       • Importance of the information
       • Impact if the security is breached
       • Who the potential attacker is
       • Attacker’s skills and resources
       • Constraints imposed by legitimate use
       • Resources available for security
     • Also, the risk you pose to others…

  6. Cost of Malware
     • Difficult to assess
     • “Real costs” and “hidden costs”?
       • We’ll say direct costs and indirect costs
     • Direct costs --- computer is down, resources devoted to security, etc.
     • Indirect costs --- reputation, leaked information, etc.
     • Also costs to individuals

  7. Cost of Malware
     • According to Business Week (from a paper by Ross Anderson, et al.)
       • Cyber crime cost $100B in 2012
       • Includes direct and indirect costs, anticipation costs (i.e., AV), reputation, etc.
     • Market for AV products
       • $29 billion in 2008
     • So, are people spending too much?
       • “Beware the prophet seeking profit”

  8. Number of Threats
     • Estimates vary by a factor of 2
     • What to count?
       • All metamorphic copies?
       • In 1998, 15,000 automatically generated viruses appeared overnight
     • May also be some unknown malware
     • Malware is very target-specific
       • Should you care if you’re not affected?

  9. Speed of Propagation
     • In the past,
       • Propagation speed measured in months
     • For some malware, speed now measured in minutes or seconds
       • Not so popular today as when book written
     (chart: Worm propagation)

  10. Speed of Propagation

  11. Speed of Propagation
     • To move curve to the left…
       • Attacker needs better search strategy
         • Warhol worm, flash worm, etc.
     • To move curve to the right…
       • Good guys need better defenses
     • To flatten curve…
       • Fewer vulnerable hosts/better defenses
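The curve on slides 9 through 11 is the standard mean-field (susceptible/infected) epidemic model of a random-scanning worm. The following is an added illustration, not code from the original slides or from the book: it steps the logistic equation forward and runs the three scenarios slide 11 talks about (a faster search strategy, and a smaller vulnerable population from patching). The scan rate, vulnerable-host count and the 2^32 address space are constructed assumptions for the model, not measurements of any real worm.

```python
"""Mean-field (susceptible/infected) model of a random-scanning worm.

Each infected host sends `scan_rate` probes per second to addresses chosen
uniformly at random; a probe infects a host only if it lands on one of the
`vulnerable` hosts that is not yet infected. Forward-Euler stepping of the
resulting logistic equation

    dI/dt = scan_rate * I * (vulnerable - I) / address_space

produces the S-shaped propagation curve. All parameter values below are
constructed for illustration.
"""

ADDRESS_SPACE = 2 ** 32  # assumption: one IPv4-sized address space


def simulate(scan_rate, vulnerable, initial_infected=1,
             address_space=ADDRESS_SPACE, dt=1.0, max_time=200_000.0):
    """Return a list of (time_seconds, infected_hosts) points.

    The loop stops once the vulnerable population is numerically saturated
    or max_time is reached, so a run that never takes off still terminates.
    """
    infected = float(initial_infected)
    t = 0.0
    curve = [(t, infected)]
    while t < max_time and vulnerable - infected > 0.5:
        susceptible = vulnerable - infected
        # expected number of new infections during this step
        new = scan_rate * infected * susceptible / address_space * dt
        infected = min(float(vulnerable), infected + new)
        t += dt
        curve.append((t, infected))
    return curve


def time_to_fraction(curve, vulnerable, fraction):
    """First time at which the infected count reaches fraction * vulnerable."""
    target = fraction * vulnerable
    for t, infected in curve:
        if infected >= target:
            return t
    return None  # never reached inside the simulated window


def compare_scenarios():
    """Three runs matching the three 'moves' of the curve on slide 11."""
    base = simulate(scan_rate=10, vulnerable=360_000)
    faster = simulate(scan_rate=20, vulnerable=360_000)   # better search strategy
    patched = simulate(scan_rate=10, vulnerable=180_000)  # half the hosts patched
    return {
        "base_t90": time_to_fraction(base, 360_000, 0.9),
        "faster_t90": time_to_fraction(faster, 360_000, 0.9),
        "patched_t90": time_to_fraction(patched, 180_000, 0.9),
        "base_final": base[-1][1],
        "patched_final": patched[-1][1],
    }


if __name__ == "__main__":
    r = compare_scenarios()
    print("time to 90%% infected (s): base=%.0f faster=%.0f patched=%.0f"
          % (r["base_t90"], r["faster_t90"], r["patched_t90"]))
    print("plateau: base=%.0f hosts, patched=%.0f hosts"
          % (r["base_final"], r["patched_final"]))
```

Doubling the scan rate roughly halves the time to 90% infection (curve moves left); halving the vulnerable population both doubles that time and halves the final plateau (curve moves right and flattens), which is the quantitative reason patching and reducing exposed hosts is the defender's lever on this curve. A hit-list or "flash" strategy would show up in this model as a much larger `initial_infected` or effective `scan_rate`.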

  12. People
     • People are social, trusting, etc.
       • Good for friends, bad for security
     • People are often the problem
       • Social engineering attacks
       • Email scams
       • People click on links
         • Some people cannot not click on a link…

  13. People
     • People don’t demand enough of software vendors
       • With respect to security, that is
     • People want features, not security
       • Security is an anti-feature --- no attacks
     • My perspective…
       • Don’t fight against human nature
       • Users don’t want to be security experts
       • We don’t expect everyone to service their car, repair their drywall, etc.

  14. About this Book
     • Chapter 2: groundwork
       • Definitions and malware timeline
     • Chapter 3: viruses
     • Chapter 4: anti-virus techniques
     • Chapter 5: anti-anti-virus techniques
     • Chapter 6: exploited weaknesses
       • Both technical and social

  15. About this Book
     • Chapter 7: worms
     • Chapter 8: defenses against worms
     • Chapter 9: applications of malware
     • Chapter 10: people who create malware and defend against it
     • Chapter 11: final thoughts

  16. About this Book
     • Endnotes
       • 1 through 99 --- additional related content
       • 100 and up --- citations and pointers
     • Lots of “can”, “could”, “may”, “might”
       • Not because the author is wishy-washy
       • Because malware is malleable
     • Not a programming book, but programming knowledge is assumed

  17. Words of Warning
     • Working with malware is risky
       • Do all work in a lab or virtual machine disconnected from the network
     • Creating/distributing malware may violate local laws
       • Criminal and/or civil penalties possible
     • Defensive techniques can cause legal trouble too (e.g., patents)
